Selecting the 2008 Readers' Choice Awards

Information Security and SearchSecurity.com presented more than 1,600 readers with some 360 security products, divided into 18 categories. Three categories which failed to draw sufficient reader response are covered in market articles.

Respondents were asked to rate each product based on criteria specific to each category. For each criterion, respondents scored the product on a scale of one (poor) to five (excellent). In addition, each criterion was given a weighted percentage to reflect its importance in that category.

Winners were based on the cumulative weighted responses for each product category's criteria. Editors arrived at a product's overall score by calculating the average score it received for each criterion, applying the weighted percentage and adding the adjusted scores. Emerging Technologies awards were determined by Information Security and SearchSecurity.com editors.

Sophos Endpoint Security and Control garnered the gold, drawing raves from readers for its speedy and frequent signature updates. The product also earned high marks for its effectiveness in detecting, blocking and cleaning up malware, as well as its reporting and alerting capabilities.

A central management console warns of outbreak risks across the network via automatic email alerts. Sophos' host intrusion prevention system uses four layers of detection to block zero-day threats; the threat detection engine analyzes the behavior of code before it executes and prevents it from running if it is considered malicious.

Sophos is adding network access control (NAC) functionality to Endpoint Security and Control 8.0.

CA Threat Manager, an integrated antivirus and antispyware product, won the silver medal. Readers gave it high marks for the frequency and speed of its signature updates and its reporting and alerting capabilities. The product also scored well for its ability to detect and block unknown malware and zero-day exploits, plus its effectiveness in catching known malicious code.

CA Threat Manager detects and provides remediation for viruses, worms, spyware (technology acquired in 2004 from PestPatrol), keyloggers, Trojans and other malware. Features include extensive graphical reporting and support for Cisco NAC.

The product supports a variety of platforms, including Windows, Macintosh, Linux, Unix, NetWare, PDAs and Network Appliance NAS devices, and is managed via a Web-based console.

NOTABLE CA added support for Microsoft's Network Access Protection (NAP) architecture with the release last year of Threat Manager Version r8.1. More recently, it also announced support for Windows Server 2008 and SQL Server 2008.

Readers awarded the bronze to McAfee Total Protection, praising the integrated product in a number of areas. The software, which combines antivirus, antispyware, antispam, personal firewall protection and host-based intrusion prevention, earned strong reviews for the frequency and speed of its signature updates, ease of installation, configuration and administration, as well as its effectiveness in blocking and cleaning up malware.

McAfee Total Protection for Enterprise secures servers, email servers and desktops with automatic signature updates and behavior-based technology to prevent attackers from inserting malicious code into systems. The product also uses signatures and behavior-based techniques to detect and remove rootkits. It filters inbound and outbound email for spam, viruses and inappropriate content.

Total Protection for Enterprise is managed via McAfee ePolicy Orchestrator, which allows administrators to enforce policy, monitor network security and make updates from a single console. The product leverages threat research from McAfee Avert Labs, which tracks emerging threats.

NOTABLE According to Gartner, McAfee was the first traditional antivirus vendor to incorporate HIPS capabilities into its base antimalware product.

As more companies begin exposing Web services outside the network--to business partners, for example--they are abandoning proprietary EDIs for open formats such as XML, Ajax and mashup frameworks. Securing exchanges between applications becomes paramount, and Information Security readers acknowledge the trend with the gold medal for IBM's WebSphere DataPower XML Security Gateway XS40.

This is the second consecutive win in this category for the DataPower product; readers were high on its effectiveness in reporting and preventing known attacks, as well as the frequency of updates, and support from IBM.

Gari Singh, product manager for SOA appliances at IBM, says Big Blue has made considerable engineering investments in DataPower since acquiring it in 2005, including work on service registries and repositories.

NOTABLE Singh says IBM is refining best practices around securing Web 2.0 and REST-based services, bridging REST, SOAP and JSON protection, as well as securing RSS and Atom feeds.

F5 Networks' BIG-IP Application Security Manager (ASM) finished a close second to IBM in this category, with strong scores for its effectiveness in preventing known attacks and/or vulnerabilities, and vendor support and service.

ASM acts as a proxy accepting traffic before it hits users, and protects applications from the gamut of Web app threats such as cross-site scripting and forgery, SQL injections, escalation attacks and more. It does so aided by a learning feature, introduced last fall, that monitors traffic, recognizes acceptable application behavior and refines security policies in real time.

ASM is also available as part of F5's application delivery controller, building a security policy based on the traffic it observes.

Citrix Systems' Citrix Application Firewall utilizes what the vendor calls a positive security model that establishes a baseline of approved application behavior, and blocks any application traffic that deviates.

"There are no concerns with zero-day attacks, which can be an issue for products that rely on signatures or blacklists for protection," says Citrix product manager Morgan Gerhart.

Readers gave Citrix Application Firewall good marks for its threat protection and integration with other security tools for reporting and remediation. It can be purchased standalone, or as a module on the Citrix NetScaler Application Delivery System.

NOTABLE This technology was acquired in 2005 from Teros. Integration with the NetScaler delivery system is important because most application firewall purchases are reactive, and companies are hesitant to buy a standalone product that adds another network hop and latency, says Gerhart.

RSA SecurID is a repeat Readers' Choice winner in this category, largely on the strength of its integration and compatibility capabilities. The ubiquitous token is used as a second form of authentication in more than 30,000 customer deployments, and supports 365 products from more than 200 vendors.

"RSA's partner ecosystem has created that broad application support; that's why the product remains so successful, in spite of competitors selling tokens at a dramatically lower price," says Burton Group analyst Mark Diodati.

"Customers stay with them because the solution is easy to use and works with the apps they have."

RSA argues that SecurID's total cost of ownership is much lower than competitors' when time to production, strength of security, the ability to leverage many infrastructures and dependability are taken into account.

NOTABLE RSA is completing a re-architecture of SecurID that will affect releases later this year and into next. Agent upgrades are also on the docket, as are improvements to support on more mobile device platforms.

VeriSign's Identity Protection Authentication Service finished a close second in this category, with solid scores from readers on the security of its credentials and scalability. VeriSign's two-factor credential can be used across multiple sites; the credential is validated against VeriSign's shared infrastructure, meaning customers do not have to deploy an on-site server. Instead, they connect via SOAP-compliant Web services to VeriSign's network, reducing deployment costs.

VeriSign, like other authentication vendors, has benefited from a glut of regulatory activity mandating two-factor authentication, in particular the FFIEC guidance for online banking.

Product manager Jeff Burstein says VeriSign will concentrate development on new credential choices, including enhancements to its one-time password credit card form factor. Burstein explains that the card, built on OATH one-time password standards, fits into a consumer's wallet--preferable, he says, to early one-time password generators made of metal that were awkward to carry around.

NOTABLE Some PayPal and eBay customers are likely familiar with the PayPal Security Key, a $5 fob announced a year ago that is used as a second form of authentication.

Serving the enterprise and service provider markets, Juniper Networks' Steel-Belted Radius Server, acquired as part of the Funk Software purchase in 2005, got high marks for its integration capabilities.

Readers were also high on its scalability, while giving the product lower scores for vendor support, and ease of installation and configuration. The AAA server provides centralized authentication and access policy management.

The Steel-Belted Radius server line has three products.

SBR Enterprise Edition is targeted at smaller companies, giving them the ability to centralize authentication and manage remote users.

Finally, the SBR Appliance is for companies that want to run a RADIUS server as a rack-mountable device.

NOTABLE Juniper's estimated $122 million acquisition of Funk Software in 2005 came on the heels of 2004's $4 billion purchase of NetScreen Technologies and was an early move to integrate networking and security.

Lauded by readers for their ability to detect and block spam, phishing attempts and viruses, email security appliances from IronPort Systems, a business unit of Cisco Systems, won top honors.

Readers also gave the devices high marks for ease of use and ability to integrate with existing messaging applications. IronPort email security appliances use a multilayered security architecture to fight spam that includes reputation filters and context-based antispam filters. They use a similar multipronged approach to fighting viruses, employing virus outbreak filters and third-party antivirus signatures.

Barracuda Spam Firewall snagged the silver medal, winning high marks from readers in several categories. The appliance scored high in its ability to block spam and malware, integration with existing applications, end user transparency and ease of installation and administration.

The device, which comes in seven models, provides integrated antispam, antivirus, antiphishing and antispyware protection. It uses several techniques to protect an email server, including IP reputation analysis, sender authentication, user-specified policies, Bayesian analysis and rule-based scoring. End user control features allow for fine tuning and enhanced accuracy.

A single Barracuda Spam Firewall handles up to 30,000 active mail users; multiple units can be clustered for high availability. All models include outbound filtering techniques such as attachment scanning, virus filtering and rate control to ensure outgoing email is legitimate.

A system administrator monitors and manages the applications via a Web interface, and Barracuda's security operations center continuously updates the firewall with spam and virus definitions.

NOTABLE Barracuda recently enlisted help from the open source community to defend itself against patent infringement claims made by Trend Micro.

Readers awarded the bronze medal for email security to Google, which acquired Postini last September. The hosted solution scored well in its ability to block spam and other malware, as well as its ease of use and integration with existing messaging applications.

The service stops spam, viruses, phishing, denial-of-service and directory harvest attacks. Its multilayered protection includes heuristic and signature-based detection, and it provides detailed quarantine summary reporting to administrators through a Web console.

Delivered on the software-as-a-service model (SaaS), the service doesn't require hardware or software, which reduces IT resource requirements and can relieve management headaches.

Postini says its patented architecture ensures no delays or disruptions to email service, no matter how high spam volumes reach.

Google, in February, released messaging services that streamline Postini's assorted services into three basic bundles, for Lotus Notes, Microsoft Exchange and Novell GroupWise.

Buying information security technology has often been compared to buying life insurance, but user identity provisioning is one category that has offered quick, measurable ROI from the start. Novell Identity Manager, this year's identity management winner, is widely regarded as a leader in this market, automating user provisioning to get employees what they need--and only what they need--to get to work quickly.

A key part of Novell's suite of identity management tools, centered on its eDirectory LDAP service, Identity Manager resolves the labor-intensive task of provisioning users with access to the applications, information and tools they require. Role-based provisioning makes assignments by business role and policies, and automated workflows assure that changes are implemented quickly and accurately.

Access is cut promptly and accurately as roles change or employees are terminated. In addition to providing cost savings, this helps meet security and regulatory requirements.

NOTABLE While most of its leading competitors--such as Sun/Waveset, Oracle/Thor and Oblix, CA/Netegrity, IBM/Access 360--owe much of their IAM technology to acquisitions, Novell has built its products from within.

Access control was relatively straightforward when data and applications were largely restricted to business silos: company, division, department. That's all changed as Web-based access has enabled vast opportunities--and complex access and security issues.

RSA Access Manager is among the top products in the Web-based access control market, designed to bring order to the formidable task of giving employees, partners and customers quick and appropriate access via intranets, extranets, portals and Internet-facing applications.

Enterprise single sign-on (ESSO) is an essential tool in complex business environments, bringing order to the mishmash of authenticating users to multiple applications and platforms. Citrix Password Manager fills the bill for readers who gave it the bronze medal.

When coupled with Citrix's flagship product, Presentation Server, Password Manager can deliver clientless SSO access to applications through a published browser or desktop, Web Interface for Presentation Server or Windows Terminal Server via its ICA presentation protocol on a LAN connection.

Password Manager simplifies administrative chores and strengthens security. Strong password policies, and automatically enforced scheduled changes, can be applied to automated and password changes, transparent to users, who need only worry about their network log-on. It integrates with numerous multifactor authentication products, including smart cards, tokens and biometric devices.

Password Manager scored highest in end user transparency and ease of use, ease of installation, configuration and administration, and vendor service and support.

NOTABLE Citrix has won a lot of new business--1,200 new customers in 2007--with Password Manager, particularly among small to medium businesses, according to Gartner.

Say "network intrusion prevention" and the name TippingPoint almost surely will come up. Its powerful range of high-performance appliances has established the company's strong position among signature-based IPS vendors. Readers' Choice respondents backed that reputation, awarding TippingPoint Intrusion Prevention Systems appliances gold in a highly competitive category.

Readers gave TippingPoint high marks across every IPS criterion. In particular, it stood out for its ability to effectively and accurately detect and stop malicious traffic, frequency of signature updates and response to new threats, and the ability to tune the appliances to reduce false positives.

Using custom ASICs, high-performance processors and a 20 Gbps backplane, TippingPoint IPS is known for low latency, critical for detecting and/or blocking threats without false positives and without slowing traffic, especially in QoS-sensitive environments.

Cisco's line of versatile 5500 Series Adaptive Security Appliances is an appealing platform for the network infrastructure giant's IPS capabilities, earning Cisco the silver in a market featuring a number of pure-play dedicated appliances.

Cisco's IPS was a close second among Readers' Choice respondents, who gave it particularly high marks for effectiveness, update frequency, integration with network defense and management tools (no surprise considering Cisco's dominance on the network) and vendor service and support.

Adding Cisco's IPS module to the 5500 series combines signature-based intrusion prevention with a platform known for its top-shelf network firewall/VPN capabilities, built on Cisco PIX.

Organizations can use the IPS risk rating feature to base alerts and automated action on business-specific criteria, such as asset sensitivity.

Cisco-dominated shops benefit from the use of Cisco Security Manager to administer all Cisco security products from a central console.

NOTABLE Cisco is phasing out its venerable PIX firewall products, which it will continue to support for several years, in favor of the 5500s.

Coming in third is far more than a consolation prize in the IPS category. McAfee's IntruShield, one of the acknowledged leaders in this market, got plenty of strong support from readers.

McAfee scored well in all criteria, but readers particularly appreciate service and support, its effectiveness, and alerting and reporting capabilities.

McAfee, which became an instant player in the nascent network IPS arena when it acquired IntruVert in 2003, offers a line of seven IntruShield appliances, from branch office models to core workhorses that advertise 2 Gbps throughput (with a multi-gig box due out this year) and up to 1 million concurrent connections.

Perhaps IntruShield's greatest value comes in its integration with other McAfee security products under its central management platform, ePolicy Orchestrator (ePO), which is so popular it is often cited as a prime reason for McAfee keeping and building up business. For example, IntruShield can be paired with Foundstone vulnerability management to assess the risk of a particular attack actually compromising critical network assets.

McAfee has been a powerhouse in the antivirus and intrusion prevention markets for years, but it has been gradually expanding its product line of late through acquisitions and organic development. Its McAfee Endpoint Encryption offering (formerly SafeBoot Encryption) has emerged as a leader in the growing market for technologies to help protect sensitive corporate data from theft or loss.

Designed to protect high-value data on laptops and other mobile devices, McAfee Encryption boasts a long list of features, including persistent encryption of files and folders, regardless of where they're moved, support for two- and three-factor pre-boot authentication and single sign-on systems. It also integrates with Active Directory and LDAP and can support PKI deployments.

The McAfee offering received high marks from readers in a number of areas, particularly for its flexible and granular policy controls and its strong central management capabilities.

Users also liked the simple and efficient installation and configuration process and praised McAfee for strong service and support.

Symantec was among the first wave of security vendors to extend protection to the growing number of mobile devices making their way onto corporate networks, and its strength and experience in this area helped its Mobile Security Suite 5.0 offering win silver.

The suite is heavy on antimalware capabilities and integrates with Symantec Live Update. It includes protection against viruses through scheduled and on-demand file scans.

It also is able to stop SMS spam through message filtering. The Mobile Security Suite, unlike some other competitive offerings, includes a full firewall, with inbound and outbound network traffic control.

Along with file encryption and a file activity log, the offering also integrates with Symantec's Mobile VPN for network access control.

Readers rated Mobile Security Suite highly for malware protection and also praised its range of device coverage, which includes any device running Windows Mobile 5. The suite also drew compliments for its ease of management and its return on investment.

NOTABLE Mobile Security Suite includes a feature to protect itself against attack and ensure the integrity of its components.

Designed specifically with smartphones and PDAs in mind, Trend Micro's Mobile Security includes a wide variety of capabilities vital to enterprises while retaining the ease of use for which Trend Micro is known. This combination gave Mobile Security the juice to win bronze.

Trend Micro's offering includes a real-time encryption function that encrypts not only files in the device's local memory, but also files on removable SD memory cards. The suite supports several encryption algorithms, from Triple-DES to AES-256, and has on-device authentication policies as well. Like the other products in this category, Trend Micro's suite has a firewall and antimalware scanning to go along with a new central management console that enables administrators to manage mobile devices from the same console as they manage desktops and servers.

Users gave Mobile Security strong ratings for its flexible policy management capabilities and for its antimalware and data protection functionality. Users also liked Trend Micro's new central management function.

Cisco, along with Microsoft, essentially defined the network access control (NAC) market several years ago with the introduction of its Network Admission Control architecture. Since then the market has become overpopulated with smaller appliance and software vendors, but our readers put Cisco's NAC Appliance head and shoulders above the competition.

Formerly known as Clean Access, the NAC Appliance is designed to be the first point of contact for users entering a corporate network, and enables administrators to authenticate and authorize users and enforce organizational security policies before network access is granted. The system enables the enforcement of a number of different policies, depending on device type, user and role. Machines that are out of compliance can be directed to remediation servers for delivery of patches and other updates.

The NAC Appliance scored highly in virtually every category in our readers' assessment, but was especially strong in its ability to integrate with customers' existing infrastructures and its scalability. Readers also praised the appliance's variety of enforcement options and gave Cisco high marks for its service and support.

Juniper, like Cisco, is a hardware company through and through and as such, has used its expertise in building enterprise-class routers and switches to develop a line of high-performance NAC appliances.

The Unified Access Control boxes, combined with the company's Infranet Controller Appliances, finished second in this category.

The UAC appliances are designed for organizations from small businesses all the way up through large global enterprises, and include feature sets designed to meet the disparate needs of these companies. Like other NAC appliances, the UAC system includes an agent that sits on the endpoint and collects user credentials and also assesses the security posture of the machine. The agent can be installed dynamically as unknown machines attempt to connect to the network, and administrators can enforce policy at a number of different points in the network, including any 802.1x-enabled switch.

Readers gave the UAC appliances strong ratings for their range of policy checks, integration with existing infrastructures and scalability.

NOTABLE Juniper UAC can be deployed in an agentless configuration for Linux, Solaris or Mac OS X environments.

Known mainly for its industry-standard VPNs and firewalls, Check Point has made a big move into the endpoint security market of late, leveraging its acquisition of Zone Labs. The company's Integrity product, now known as Check Point Endpoint Security, snagged bronze.

Endpoint Security's main strength lies in the fact that it is a single desktop agent that comprises a wide variety of security features, including a firewall, antivirus, antispyware, network access control, program control, data security and remote access. Its NAC capabilities include the standard functions such as preconnection client inspection, remediation and quarantining. Endpoint Security also supports 802.1x authentication and VPN gateways from third-party vendors.

The product allows administrators to deploy and manage security policy for thousands of endpoints across a distributed environment from a single console.

Readers ranked Integrity highly for its policy-based network access control and its enforcement options. Users also gave the offering a strong rating for its logging and reporting and its integration with customers' infrastructures.

NOTABLE Endpoint Security has a "stealth mode" that can make protected machines invisible to attackers.

The SSG appliances suit small and medium-sized companies to large enterprises with many branch offices. The GigaScreen3 ASIC module is the cornerstone of the ISG architecture and does packet parsing, classification and session-level processing for established sessions. Juniper says its ISG 1000 and 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance.

Readers say they got their money's worth from these products, starting with the ease of installation, configuration and administration. Readers also gave high marks to the technologies' centralized management capabilities, ability to block intrusions, attacks and unauthorized network traffic, vendor service and support, and compatibility with other network security tools.

NOTABLE Organizations using Juniper security technology include Bankdata, a leading financial services provider in Denmark.

Cisco Systems' PIX firewall appliances and software finished a close second in this category, earning high marks from readers for their ability to block intrusions, attacks and unauthorized network traffic. Readers also ranked highly Cisco PIX support and service, as well as its application layer and protocol controls.

The PIX line ranges from compact desktop appliances for small offices to modular gigabit appliances for large enterprises and service providers.

NOTABLE On Jan. 28, Cisco announced the end-of-sale and end-of-life dates for Cisco PIX security appliances, software, accessories and licenses. The last day for purchasing Cisco PIX security appliance platforms/bundles will be July 28, and the last day to purchase accessories and licenses will be Jan. 27, 2009. Cisco will continue to support PIX customers through July 27, 2013.

FireWall-1 supports more than 200 applications and protocols out of the box, including SQL Server, RPC and CIFS from Microsoft, Oracle SQL and ERP, SOAP and XML, SMTP, POP3, SSL traffic and more. It also secures VoIP applications, and is able to inspect voice protocols such as SIP and H.323.

NOTABLE In a move illustrating how firewall technology has become increasingly integrated into other defenses, Check Point recently unveiled its Endpoint Security product, which combines FireWall-1, network access control (NAC), program control, antivirus, antispyware, data security and remote access.

Juniper Networks earned the gold for its Secure Access SSL VPN, with readers giving it high marks for ease of use, compatibility with other security tools and vendor support. Juniper says its SSL VPN security products have a variety of form factors and features that can be combined to meet the needs of companies of all sizes, from SMBs that need VPN access for remote/mobile employees, to large global deployments for secure remote and/or extranet access.

The technology is based on the Instant Virtual Extranet (IVE) platform, which uses SSL, the security protocol found in all standard Web browsers. The use of SSL eliminates the need for client-software deployment, changes to internal servers and costly ongoing maintenance and desktop support, Juniper says. For big global enterprises, Juniper recommends its Secure Access 6000 SSL VPN appliance. Features of this product include built-in SSL acceleration and compression for all traffic types, redundant and/or hot swappable hard disks, power supplies and fans, and dynamic access privilege management with three access methods.

Cisco Systems' VPN Concentrator Series finished a close second in this category. Readers praised its flexible, reliable and high-performance remote-access features. Cisco consistently scored well for its authentication support, end user transparency and ease of use, investment ROI and extensibility. The Cisco VPN 3000 Series offers both IPsec and SSL VPN connectivity on a single platform, and is available in both redundant and nonredundant configurations.

One of its biggest selling points has been that it's easy to deploy, featuring an integrated Web-based management system with an interface for configuring and monitoring remote users. It is also considered one of the more affordable products around, with no added licensing costs for special features. Cisco has also touted the fact that it offers extensive application support through its dynamically downloaded SSL VPN client for WebVPN, enabling network-layer connectivity to virtually any application.

Citrix gets the bronze in this category for its Citrix Access Gateway, an SSL VPN that can securely deliver applications with policy-based SmartAccess control. Citrix's patent-pending SmartAccess technology allows administrators to control access and actions based on the user and the endpoint device. For example, a user may have full access (read, save locally, print, etc.) to a set of files when utilizing his or her office PC, but may be restricted to read-only access when connecting through an unrecognized kiosk device.

Similarly, if an employee tries to log in to the corporate network via a home PC that does not have an active antivirus update service, that employee may not be able to access certain mission-critical systems.

Readers awarded Symantec's Security Information Manager the gold medal in the security information and event management category, giving it high marks in event correlation, archiving and ease of deployment.

The Windows-based appliance collects and manages event data using sensors that are deployed on targeted systems.

The product also aids in responding to security threats by applying risk analysis metrics to the collected data.

It then prioritizes a threat list based on the organization's specific configurations, patch levels and known vulnerabilities tracked by Symantec through its Global Intelligence Network.

Built-in ticketing and workflow features also help document the response process to quickly remediate threats once they are identified.

Symantec says the tool can help organizations comply with PCI, Sarbanes-Oxley and other regulations using a log storage feature that doesn't need a major investment in hardware or storage. It captures both normalized data and raw event information and allows users to review, conduct analysis and build reports based on the data.

Readers gave high ratings to the event correlation features of ArcSight's Enterprise Security Manager and to its ability to map information to an organization's unique set of policies and compliance regulations.

ESM works in conjunction with ArcSight Logger, which collects and normalizes event data and reports on security events based on rules created by the user. The tool is agentless, and uses event source connectors to collect the log data.

The data collected is compressed and stored in a proprietary file-based repository; it can store both normalized and raw event data, according to ArcSight.

The ESM takes the logging data, analyzes it and displays events on the ArcSight console, triggering alerts. ArcSight said its ESM tool also integrates with custom data sources, including homegrown applications and physical security systems.

ESM's correlation capabilities can discern events connected to a specific individual and that user's business role and organizational membership. It can associate any IP address-based events with events from the enterprise's physical infrastructure.

NOTABLE ArcSight held its IPO in February and raised $50 million. Stocks were priced on the low end of their $9-$11 projections.

Combined, the tools collect, aggregate, analyze and then display security events across the enterprise.

CA Audit serves as the audit logs and security event collection and data repository. It uses agents installed on target systems for data collection. The software collects and filters event data and can automatically send an alert in the event of suspicious activity.

The data collected via CA Audit is then sent to the Security Command Center, which analyzes and monitors events to aid in threat response. The command center can correlate and uncover patterns in failed logon attempts and analyze database and mainframe data to expose patterns that could be suspicious. The results are displayed on a single, centralized console that can be customized based on a user's role.

NOTABLE CA's 17 percent market share in 2006 was tops in the SIMs space, according to Gartner.

Cisco Systems' ASA 5500 Series Adaptive Security Appliance received the gold medal from readers for its breadth of security features that include a firewall, SSL and IPsec VPNs, intrusion prevention, voice and video security and content security.

Firewall protection features identity-based access control and denial-of-service attack protection. Content management features include URL filtering, antiphishing, antispam, antivirus, antispyware and content filtering. The unified communications protection can inspect and apply policy to popular voice protocols such as SIP, H.323, MGCP and SCCP.

NOTABLE The ASA 5580 data center appliance, released in January 2007, is the most recent update to the line, and features Cisco's NetFlow v9 technology.

The application control features give an administrator the ability to stop the use of peer-to-peer and instant messaging applications. The appliance also addresses security for VoIP communications, supporting SIP proxies, H.323 gatekeepers and call servers.

The appliances use multiple cores to increase performance when conducting inspections.

SonicWALL also offers several ways to deploy the appliances based on the organization's preferences, with each configuration having a different impact on performance.

Desktop and server protection features address security by adding antivirus and antispyware protection for workstations and servers. The software will restrict Internet access on endpoints that do not have the latest signature or updates.

Readers gave high ratings to the security features of Juniper Networks' NetScreen and Secure Services Gateway, and to the vendor's service and support.

Both platforms include stateful firewall, IPsec VPN, deep-packet inspection IPS, antivirus, antispyware, antiphishing and antiadware protection, as well as Web filtering. The higher-end SSG and NetScreen boxes also offer network segmentation capabilities and different deployment options to enable integration with existing infrastructure and security.

The NetScreen 5 series supports up to 2,000 concurrent sessions, 75 Mbps of firewall throughput and secures VPN connections with triple-DES encryption. Protocol support includes POP3, SMTP, HTTP, IMAP and FTP.

The SSG 5 and SSG 20 series support 160 Mbps of stateful firewall traffic and 40 Mbps of IPsec VPN throughput.

Information security's biggest vendors may be claiming a stake in the vulnerability management market, but privately held Qualys isn't having any of it.

Taking the top prize in this category for the second consecutive year, QualysGuard Enterprise specializes in automated vulnerability identification and remediation for large organizations with thousands of devices across segmented and remote networks.

Readers once again gave the product high marks across the board, lauding its ability to quickly and accurately identify vulnerabilities, breadth of applications and devices covered, and the vendor's service and support.

Like many vulnerability management products, QualysGuard is spreading its wings beyond strict vulnerability management with a strong emphasis on policy compliance, specifically with new features to enable documentation, enforcement and audit for internal security policies, industry regulations and government mandates.

NOTABLE It's not all roses. Current Analysis research director Andrew Braunberg says Qualys and other key players know the standalone vulnerability management market is fading away. "I think a broader compliance management play will be an easier transition for them, and they've already started it."

McAfee's vulnerability management product finished a close second, as readers noted its scalability, strong workflow and return on investment.

In addition to its baseline features, such as priority-based audit and remediation, discovery of unmanaged devices and its varied reporting options, version 6.5 of Foundstone Enterprise offers new scan management that enables scans to be run without selecting a specific scan engine. The latest edition can also import data from LDAP or Active Directory servers to more quickly identify IP addresses for scan configurations.

Perhaps most notable are numerous new policy audit features, such as Windows and UNIX host-scanning for predefined policy violations. The product also offers policy templates to help organizations check their compliance status against major industry mandates like SOX, GLBA, PCI DSS and FISMA, among others.

Current Analysis' Andrew Braunberg says McAfee wasn't quick to take advantage of Foundstone's technology following the 2004 acquisition, but that he's impressed by its new direction. "They were really a company that couldn't focus, but now they have this broad risk management play, and Foundstone was the start of that."

NOTABLE Foundstone On-Demand offers similar features via a hosted service.

In a market where most Web security gateways have the common features of spyware protection, content filtering and application controls, differentiators are integration, installation and configuration. And that's just where readers rated Barracuda Networks' Barracuda Web Filter highest. The product also received high scores for ROI.

"With the Barracuda Web Filter, you don't have to maintain five or six different servers. Simply, you have one appliance that can be installed in 10 minutes," says Barracuda Networks product manager Sean Heiney.

System updates are made hourly by Barracuda Central, an operations center that allows engineers to catalog browsed Web sites and provide spyware protection.

The product's URL blocking is bolstered by a URL database with more than 50 site categories. The Barracuda Web Filter, which integrates with popular LDAP directory servers like Microsoft Active Directory, also has no per user license fee. "We sell them a box. It has a recommended capacity, but they can have as many users as they'd like," Heiney says.

NOTABLE Barracuda Networks is embroiled in a patent infringement case brought by Trend Micro, partly over the use of the open-source Clam AV engine in this product and others.

McAfee's offerings have always focused strongly on malware prevention, so it may not come as a surprise that the vendor's Secure Web Gateway received high ratings from readers on its ability to detect known and unknown Web-based threats.

The Secure Web Gateway uses McAfee's antimalware engine, and its antispam capabilities also detect phishing URLs that may come from malicious emails.

Its Web-filtering URL database is supplied by Secure Computing's SmartFilter, and according to McAfee, the Secure Web Gateway filters Web traffic at the rate of up to 200 Mbps.

The Secure Web Gateway uses McAfee's SiteAdvisor to examine site reputation and block connections to harmful sites. Active content scanning, which allows the removal of JavaScript or ActiveX content from pages, is also a major function of the filtering engine. It also blocks instant messaging and detects outbound connections to spyware-related URLs.

Readers gave Trend Micro's InterScan Web Security Appliance high marks for granular, flexible policy creation and enforcement, as well as for its ability to detect known Web-based threats.

Chip Epps, senior product marketing manager for Trend Micro, breaks down the InterScan Web Security Appliance's success into three parts: reputation-based Web threat protection, enforced malware scanning, and the validation of Java applets and ActiveX components. The product's reputation engine--and the feedback it receives from its network of customers--helps monitor domain registrations and allow the blocking of malicious content before it reaches the gateway.

Using reputation filters on inbound and outbound traffic allows the product to stop malware like botnets from connecting to known suspicious sites. The appliance also analyzes mobile code and scans inbound content for malware.

NOTABLE Trend Micro's Damage Cleanup Service is an additional option for endpoints whose health needs to be restored; the add-on removes malware and repairs system registries and memory.

WIRELESS Wireless firewalls, access control and security systems, and IPSes

The option of using cell phone networks as a backup connection enables organizations to utilize DSL as their primary connection, but if the DSL fails, there is still a working connection, which increases reliability, says John Gordineer, product line manager at SonicWALL.

Readers applauded the Cisco Wireless Security Suite for its scalability, integration with wired security management systems, vendor support and granular and flexible policy creation, earning the product the silver medal.

The set of products provides intrusion detection, an integrated authentication framework and scalable centralized security management. WPA and WPA2 security is supported for authentication and data encryption.

The solution allows IT organizations to take readings and monitor what is in their airspace, whether there are threats, rogue access points, and more, says Chris Kozup, senior manager of mobility solutions at Cisco.

Cisco offers three wireless security solutions: a PCI product for retail environments, aiding in compliance with the PCI DSS; a version of Cisco NAC for wireless networks; and a policy and compliance solution that helps companies align IT networks and systems with business strategy and policy.

NOTABLE Cisco acquired Cognio last September to boost its wireless security efforts by, among other things, detecting and mitigating sources of RF interference.

ProSafe VPN Firewalls combine 802.11g wireless access, IPsec VPN, NAT router and an eight-port Fast Ethernet switch in one package. Readers gave the series high marks, lauding its attacker detection, access control and wired security management system integration features.

The FWG114P version includes a stateful packet inspection firewall, deep-packet inspection IPS, denial-of-service protection and logging, reporting and alert features.

Netgear's DGFV338 and FVG318 editions also feature IPsec VPN (eight dedicated tunnels) and a stateful packet inspection firewall to monitor for denial-of-service attacks, URL filtering, replay attacks and more. The DGFV338 is suited for small business and remote offices. The FVG318 is also for small networks, but can be integrated into larger environments.

NOTABLE Netgear expanded its portfolio in the SMB market, acquiring Infrant Technologies, a storage vendor catering to small businesses and home users with its ReadyNAS network attached storage line, which implements RAID data protection.

EMERGING TECHNOLOGIES Cool new technologies that will make a difference

Data has legs. As a result, in the wake of one spectacular incident after another, mobile device encryption products are drawing lots of interest.

While attention has been on software-based encryption, hardware encryption has arrived. Seagate earns Information Security editors' gold award as the top emerging technology. It was first out of the gate last spring, with its groundbreaking Momentus 5400 FDE.2 hard drives, shipping first on ASI Computer Technologies laptops, but now available on select Dell computers. Hardware-based encryption solves performance issues, and moving keys into hardware makes encryption easier to implement and manage. The drive leverages a hidden partition that stores crypto keys and Trusted Drive Manager applications from partner Wave Systems.

Beyond laptops, Seagate is working with partners IBM and LSI to bring enterprise-class encrypted drives into data centers later this year.

Drive-based encryption is one of two major hardware options. Intel is expected to launch its chip-based encryption, code named Danbury, sometime in 2008.

Even software-based encryption vendors agree hardware is the future, with their role focusing on key and other management services for Seagate, Intel and other hardware solutions.

[Silver] Application security is no longer an afterthought. Vulnerable apps are a prime--if not the prime--attack vector for getting to customer information, intellectual property and sensitive corporate data. Application development is complicated by outsourcing, which cuts costs and delivery time, but greatly increases risk.

Veracode's unique approach to application security as a service (SaaS) is tailor-made for the new development environment, which is why its SecurityReview services earned the silver award. Before the service solution, companies had two options. They could buy still-maturing application security analysis tools--a market validated when IBM and HP acquired Watchfire and SPI Dynamics respectively--or pay for very expensive consultant code/application review.

Veracode combines strong technology and an attractive model. It scours compiled code, analyzing binaries for vulnerabilities that can be exploited. This means companies can secure their applications without exposing source code to outsiders, a particular concern in an age of distributed, outsourced development. The SaaS approach is an attractive alternative to pricey consulting and allows customers to have applications, outsourced pieces of applications, or even applications they are considering buying analyzed for security flaws.

The workforce is becoming more and more mobile every day. That's hardly news, but the problem of maintaining the security posture of laptops that are beyond the reach of corporate IT for days, weeks or months continues to bedevil enterprises.

The device is remarkable in that it gives IT managers uninterrupted, secure access to employee laptops--even when they're turned off. Imagine your laptop getting the latest patches or AV updates from headquarters in Boston while you sleep in your hotel in Singapore or while you're on vacation.

Laptop Guardian is a wireless 3G device, which allows round-the-clock monitoring and updating. The CardBus PC card has a processor, flash memory and a rechargeable battery that draws power from the laptop. It features strong authentication and single sign-on through Active Directory integration. It integrates with open-source TrueCrypt for disk encryption and supports 3DES and AES for VPN.

The device is marketed primarily through carrier channels. It's primarily aimed at the enterprise market, but Alcatel-Lucent says it has seen strong interest from SMBs.

Though they lacked sufficient responses to merit awards, these important security tools are making their presence felt.

Data Loss Prevention

After coming down a bit from the top of the hype curve, data loss prevention (DLP) is showing signs of maturing as a market.

There has been a flurry of consolidation. Some of the biggest security companies--particularly among endpoint security vendors--validated this market through major acquisitions in the last year or so. The list is striking: Symantec (Vontu), Trend Micro (Provilla), EMC/RSA (Tablus), Raytheon (Oakley Networks) and Websense (PortAuthority). McAfee started the buying stampede by acquiring Israeli company Onigma.

The presence of Symantec, McAfee and Trend Micro in the market underscores the growing focus on the point of data creation, as well as the early attention on monitoring outbound traffic at network egress points. Some vendors, such as Verdasys, base their core technology on monitoring endpoints. They are among the independent companies in the DLP market space, including Vericept, Reconnex, Code Green, Fidelis Security Systems, Workshare, Orchestria, GTB Technologies and Palisade Systems.

Databases were once secure simply because they were locked away in data centers, pretty much beyond the reach of hackers. No more. Porous Web-based apps expose customer information and sensitive corporate data, continuously open to attack via the Internet and extranets.

Nonetheless, the prime drivers for the database security market have been regulatory compliance first, security second. For the most part, we're talking about database monitoring/auditing tools from companies like Guardium, Imperva, Tizor Systems, Lumigent, IPLocks, Sentrigo, Embarcadero Technologies and RippleTech. More recently, Symantec has helped validate the market, introducing its own product about 18 months ago.

To a lesser extent, this space includes database encryption, from Protegrity, Voltage, Decru (EMC), nCipher, Vormetric and BitArmor (Ingrian was recently acquired by SafeNet), and vulnerability assessment from the likes of Application Security, Inc. and Next Generation Security Software.

Native database security from Oracle, Microsoft and others has improved, especially in role-based access controls, but lacks the auditing capabilities and cross-platform reach of these third-party tools.

Not long ago, notions like policy compliance, risk management and governance were not generally well understood relative to information security. That's changing, thanks to debacles like Enron and WorldCom, data breaches and the maturation of information security as a function of business.

This is not an easy market category to define. Configuration/change management vendors like Configuresoft, Ecora and Tripwire gather information from diverse systems and automate workflows and reporting for operational use and compliance.

At a higher level, IT governance, risk and compliance (GRC) tools operate as control centers for all forms of information, whether gathered directly from systems, from other security/compliance tools (VA scanners, database monitoring, SIMs, etc.) or through questionnaires and reports generated by managers. Symantec, Archer Technologies, Brabeion, Agiliance, Modulo, Polivec and others fall generally into this category.

In its MarketScope for IT GRC, Gartner estimated software license revenue at $73 million in 2007, and predicts a 70 percent increase this year.
